The password command in Linux: how to change user passwords safely

Posted onbyBlockmyIP| Category:Linux terminal commands

Introduction

In any Linux system, credentials management is a key task for maintaining security. The commandpasswdallows administrators and own users to change their passwords quickly and in a controlled way. Through its various options it is possible not only to update the key, but also to block accounts, establish expiry policies and consult the status of authentication. This article explains step by step how to usepasswdin an effective manner, with practical examples and recommendations of good practice.

Basic syntax of the passwd command

The simplest way to invokepasswdis simply to write your name on the terminal. Without arguments, the command requests the current password of the running user and then requests twice the new password to confirm it. The general syntax is:

passwd [options] [user]

If a user name is specified, the command acts on that account provided the process has the necessary privileges (it is usually required to be root or to have permits by sudo). The options change the command behavior, allowing actions such as blocking or unblocking the account, showing status information or defining expiry policies.

Change your own user's password

To change your own user's key, open a terminal and run:

passwd

The system will ask you:

  1. Your current password.
  2. The new password.
  3. Confirmation of new password.

If the two entries in the new password match and comply with the complexity rules set in the system (minimum length, use of special characters, etc.), the key will be updated immediately. In case of error, the command will show a message and allow to try again.

Change the password of another user (requires privileges)

Managers can modify the password of any system account. For example, to change the user keyjuanis executed:

sudo passd juan

After ordering the sudo password (if configured), the system will request the new password for the userjuanand their confirmation. The current password of that account is not requested, as the root process has the authority to overwrite it. This method is useful when you need to restore access to a user who has forgotten your key.

Useful Passwd Options

  • -l: Blocks the user account, preventing it from being self-absorbed. It is often used when a commitment is suspected.
  • -u: Unlock an account previously blocked with-l.
  • - S: Displays brief information on the status of the account, as if it is blocked, the date of the last change and the expiry policy.
  • - No days: Set the minimum number of days to pass before the user can change his password again.
  • -x days: Define the maximum number of days the password remains valid; after that period the user is required to change it.
  • -w days: Configure how many days before expiry the system will start warning the user.
  • - i days: Specifies the number of days of inactivity after expiry before the account is automatically blocked.

These options are combined according to security policy needs. For example, to establish that an expiry every 90 days, with notice 7 days before and blocking after 3 days of inactivity after expiry, could be used:

sudo passwd -x 90 -w 7 -i 3 juan

Practical examples

The following are several common scenarios:

  • Make an immediate change in the next login:
    • sudo passwd -e juan
  • See the status of the account ofmaria:
    • passwd -S maria
  • Block a user's account temporarily:
    • sudo passd -l tempuser
  • Unlock it again:
    • sudo passwd -or tempuser

Good security practices

  • It uses long and complex passwords, preferably generated by a password manager.
  • Change credentials regularly, following policies defined with options-xand-w.
  • Avoid reusing passwords between different services or accounts.
  • Regular audit of accounts withpasswd -Sto detect unusual states (such as unmotivated blocked accounts).
  • Record password changes in system logs to maintain a access history.

Conclusion

The commandpasswdis an essential tool for both common users and Linux system administrators. Its simplicity in basic use is combined with a wide range of options that allow for rigorous security policies. Knowing your syntax, modifiers and best practices ensures that credentials are kept protected and that the system can adequately respond to incidents or compliance requirements. Domainpasswddirectly contributes to a safer and more efficient management of any Linux environment.

This work is under aCreative Commons License Attribution 4.0 International for Francesc Roig francesc @ vivaldi.net.

EnglishenEnglishEnglish
SpanishesSpanishEspañolEnglishenEnglishEnglish